Experts tell Congress that privacy must be paramount in changes to cybersecurity law

Privacy lawyers and a representative from software security company Symantec told Congress on Thursday that sharing data is important to stopping threats. However, private companies must share limited data, not data that can personally identify Internet users. They insisted that government should be transparent about data usage, and that civilian agencies such as the Department of Homeland Security (DHS) are preferable to military or CIA oversight of private data.

“No one’s eager to open the door and hand over information to the government unless there’s a process of some sort—some rule around it,” Harriet Pearson, a privacy lawyer, told Congress.

Thehairman of the cybersecurity subcommittee, Republican Rep. Patrick Meehan of Pennsylvania used the example of a hacked Associated Press Twitter account falsely reporting about attacks on the White House to express the urgency for more security.

“Earlier this week we saw the ramifications of a hacked Twitter account that nearly sent our financial markets into a tailspin,” Meehan said.

One of the largest points of contention was whether Internet protocol (IP) addresses count as data that can reveal a person’s personal information. Former DHS privacy chief Mary Callahan told Congress that information such as email, phone number, and name are definitely considered private and should be removed from private company data provided to the government. However, Callahan said IP addresses are currently a “gray area.”

Cyber attacks such as the recent AP twitter, previous news organizations like The New York Times, and banks like Wells Fargo have created pressure to increase and invest in cybersecurity measures. Government bills designed to address cybersecurity have created a groundswell of opposition as going to far. For example, The Cyber Intelligence Sharing and Protection Act (CISPA), which passed in the House, met resistance in the Senate this week due concerns over privacy.